Karl Robinson
July 15, 2020
Karl is CEO and Co-Founder of Logicata – he’s an AWS Community Builder in the Cloud Operations category, and AWS Certified to Solutions Architect Professional level. Knowledgeable, informal, and approachable, Karl has founded, grown, and sold internet and cloud-hosting companies.
ECS and EKS are both container orchestration services from AWS—in this post we take a look at ECS vs EKS to see which one will be more appropriate for your containerized workloads.
Container adoption is on the rise—the technology has become popular due to its efficient resource utilization and portability. A container is essentially a software package that includes code, configurations and dependencies so that an application can be quickly launched and reliably run in any computing environment. This means that a developer can develop an app in a container on their laptop, then run that container on any cloud or on-premises infrastructure without making any changes to it.
Virtualization is handled at the operating system level rather than the hardware level, meaning containers can make much more efficient use of the underlying infrastructure. Just as multiple virtual servers can share the same physical hardware, multiple containers can share the same operating system.
There are a number of different types of containers available, with Docker being one of the most widely recognized and adopted. Other container formats include:
- LXD
- OpenVZ
- Rkt
- Windows Server Containers
- Hyper-V Containers
Containers can achieve very high density compared to virtual machines—but this in itself presents a management or ‘orchestration’ challenge when operating containers at scale. This is where container orchestration has become a necessity. Container orchestration manages the entire life-cycle of containers, taking care of tasks such as:
- Provisioning and deployment of containers on the underlying compute infrastructure
- Container availability and redundancy
- Container elasticity (scale up, scale down)
- Compute resource allocation
- Monitoring containers and hosts
- Application deployment
Amazon ECS vs EKS
Enter ECS and EKS—two solutions from AWS that help to solve the challenge of container orchestration. Let’s first take a look at the two AWS services, then compare and contrast them to help you decide which is the best option for you.
Amazon ECS
Amazon ECS (Elastic Container Service) is a fully managed container orchestration service—essentially ‘Docker as a Service’. ECS is a tried and tested solution that is used to power many other AWS services, including Amazon.com’s recommendation engine, Amazon SageMaker and Amazon Lex. This means that ECS is production ready in terms of security, reliability and availability.
ECS integrates with AWS Fargate, enabling a true ‘serverless’ compute option for running containers on AWS, removing the need to provision and manage servers. It can also be used with EC2 instances, or a mix of Fargate managed resources and EC2 instances, providing a truly flexible environment to run your containers and match resource fees to application utilization.
ECS pulls container images from ECR (Elastic Container Registry), where container images can be built and stored. Containers can also be pulled from other third party container image repositories, such as Docker Hub. Users then define the container images and resources needed for their application in ECS, and ECS can launch the application either onto EC2 or Fargate. ECS then takes care of scaling the application and ensuring application availability.
ECS has the ability to self heal—failed containers are re-launched automatically using auto-recovery.
ECS works on the concept of ‘Tasks’—a task definition is written in JSON (JavaScript Object Notation).
ECS supports both Docker containers and Windows containers.
Amazon EKS
Amazon EKS (Elastic Kubernetes Service) is a fully managed Kubernetes service. Kubernetes is an open source system for automating the deployment, scaling and management of containerized applications. Amazon EKS enables AWS customers to run Kubernetes on AWS without needing to build and maintain their own Kubernetes control plane, which consists of a kube-apiserver, etcd, kube-scheduler, kube-controller-manager and cloud-controller-manager.
The Kubernetes control plane nodes are responsible for starting and stopping containers, scheduling containers on virtual machines, storing cluster data and other tasks. Amazon EKS automatically manages the scaling and availability of the Kubernetes control plane nodes.
EKS provides a scalable, highly available Kubernetes control plane that spans three AWS availability zones.
Like ECS, EKS can integrate with AWS Fargate, which removes the need to provision and manage servers for the Kubernetes nodes or worker machines on which the containers will run. EKS also integrates with other AWS networking and security services, including the Application Load Balancer for load distribution, Identity and Access Management (IAM) for role-based access control, and Virtual Private Cloud (VPC) for secure Kubernetes pod networking.
EKS works on the concept of ‘Pods’—pods are defined by a ‘manifest file’ which is written in YAML (YAML Ain’t Markup Language). An EKS Pod is equivalent to an ECS Task.
EKS supports both Windows and Linux worker nodes in the same cluster.
Amazon (AWS) ECS vs Kubernetes
So, now we understand that EKS and ECS are both fully managed container orchestration services offered by AWS. What’s the difference? And why choose one over the other? Let’s take a look at some of the key differences between the two services.
Vendor Lock-In
ECS is an AWS proprietary technology, whereas EKS runs Kubernetes, which is open source.
One of the key benefits of containers is that they can run anywhere, so when deciding between ECS and EKS you need to ask yourself: Will I want to run my containers anywhere other than AWS? If the answer is yes, you’ll need to go with Kubernetes and EKS. If the answer is no, then ECS will work just fine for you.
Networking
With ECS, ENIs (Elastic Network Interfaces, i.e. virtual NICs) can be allocated to a ‘Task’. An EC2 instance can support up to 120 tasks. With EKS, ENIs can be allocated to and shared between Kubernetes pods, enabling the user to place up to 750 Kubernetes pods per EC2 instance (depending on the size of the instance), which achieves a much higher container density than ECS.
Security
From a security perspective, there is little difference between ECS and EKS. Previously, it was not possible to associate an IAM role with a container in EKS, but this functionality was added in late 2019.
Both ECS and EKS pull container images from secure storage in ECR (Elastic Container Registry), which is the AWS service for storing Docker images.
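To make the Task/Pod equivalence and the per-container IAM role concrete, here is an added example (not from the original post or from AWS) that maps a minimal ECS task definition onto a Kubernetes ServiceAccount and Pod. The sample task definition, account ID, role name and the `task_to_k8s` helper are constructed for illustration, and the resource mapping is an approximation.

```python
import json

# Constructed sample: a minimal ECS task definition (placeholder account ID and names).
TASK_DEF = json.loads("""
{
  "family": "web",
  "taskRoleArn": "arn:aws:iam::111122223333:role/web-task-role",
  "containerDefinitions": [
    {"name": "app",
     "image": "111122223333.dkr.ecr.eu-west-1.amazonaws.com/web:1.4",
     "cpu": 256, "memory": 512,
     "portMappings": [{"containerPort": 8080}],
     "environment": [{"name": "STAGE", "value": "prod"}]}
  ]
}
""")

def task_to_k8s(task):
    """Map an ECS task definition onto a ServiceAccount (if a role is set) plus a Pod."""
    name = task["family"]
    objects, pod_spec = [], {"containers": []}
    role = task.get("taskRoleArn")
    if role:
        # EKS attaches an IAM role to a pod through a ServiceAccount
        # annotated with the role ARN (IAM roles for service accounts).
        objects.append({"apiVersion": "v1", "kind": "ServiceAccount",
                        "metadata": {"name": name, "annotations":
                                     {"eks.amazonaws.com/role-arn": role}}})
        pod_spec["serviceAccountName"] = name
    for c in task["containerDefinitions"]:
        container = {"name": c["name"], "image": c["image"]}
        res = {}
        if c.get("cpu"):     # 1024 ECS CPU units = 1 vCPU = 1000 millicores
            res["requests"] = {"cpu": f"{c['cpu'] * 1000 // 1024}m"}
        if c.get("memory"):  # ECS hard memory limit is expressed in MiB
            res["limits"] = {"memory": f"{c['memory']}Mi"}
        if res:
            container["resources"] = res
        if c.get("portMappings"):
            container["ports"] = [{"containerPort": p["containerPort"]}
                                  for p in c["portMappings"]]
        if c.get("environment"):
            container["env"] = [{"name": e["name"], "value": e["value"]}
                                for e in c["environment"]]
        pod_spec["containers"].append(container)
    objects.append({"apiVersion": "v1", "kind": "Pod",
                    "metadata": {"name": name}, "spec": pod_spec})
    return objects

if __name__ == "__main__":
    # kubectl accepts JSON manifests as well as YAML.
    print(json.dumps({"apiVersion": "v1", "kind": "List",
                      "items": task_to_k8s(TASK_DEF)}, indent=2))
```

The role ARN carries over unchanged, but its trust policy does not: an ECS task role trusts `ecs-tasks.amazonaws.com`, whereas on EKS the role must trust the cluster's OIDC identity provider before the pod can assume it.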
Simplicity of Deployment
ECS is an out-of-the-box solution, which can easily be deployed via the AWS console. As it is a fully managed PaaS service from AWS, there is no control plane to configure—once ECS is set up, users can start deploying tasks straight away from within the AWS console.
EKS is a little more complex and requires more configuration and therefore more expertise. After setting it up in the AWS console, users then need to configure and deploy Kubernetes pods using Kops.
Pricing
AWS does not charge for the use of ECS—you simply pay for the compute resources consumed by your containers, whether that be on EC2 instances or serverless compute with Fargate. For EKS there is a charge of $0.10 per hour for each EKS cluster that is created.
ECS vs EKS: Which One to Choose?
ECS and EKS are both very capable container orchestration solutions that will help you to manage containers at scale, so there is no right or wrong answer.
If you are a complete container novice, then you’ll find it easier to get started with ECS.
If you are experienced with containers already, or if you are already running Kubernetes clusters, then EKS will be a better fit. And as mentioned above, if you are concerned about vendor lock-in and maybe want to run container workloads outside of AWS, then EKS is the right choice.
Whatever you decide when choosing between ECS and EKS, Logicata’s AWS Managed Services is always an option should you require help with the deployment and ongoing management of your containerized workloads.